if you notice weird differences in your files and system folders

Guest

Raj, the first of a few mails you will be getting. Since you have decided to
extend my service on this issue, please don’t feel these are urgent. They
will most likely become more so, as time progresses, but I have a few tools
available to me to aid in keeping my system stable until we get to the bottom
of this...these mails are more for MSN to be updated on situations and for my
own personal knowledge. The attachment doc on here comes from a deep intense
system scan of my entire system. All files in this attachment were found
after a pretty logistic scan on my system, followed by a full update of
nortons, a full windows update, and an internal file cleanup run on my
hardware. All of this was done immediately following a system restore, and I
pulled my ethernet before restarting my system. I do realize that most of
these files are redundant and after the scan the folder read 0 bytes info.
The problem on this thing is that when I ran my update for nortons, the last
thing I did btw, and restarted, camfrog pro insisted on popping up and trying
to load anyway. There should have been no exe file in my system registry at
that time, yet the first time I ran the scan, there were only 8 files shown
with 3 uninstalls and every one of them was taken out of cache and supposedly
no traces found afterward. I would love to know if one of these files DOES
contain an exe file, and also determine whether it is a camfrog app in
actuality. I realize that I could perform this myself but I am seriously
unhappy with the idea of opening one of these folders and turning this thing
loose in my system yet again. I am tired of looking at my explorer bar, and
I am tired of setting system restore, which is ALWAYS the end result of
chasing this thing around my system. So far I have had my folders remain the
way I set them and in the places that I put them for about 7 hours now, which
is a darned miracle. Every time this thing gets loose, when I manage to make
it back to my antivirus software, they say system status URGENT fix
immediately, and there is always at least one system active setting turned
off. Norton insists that it has no info on this rapidly spreading outbreak
it is informing of, so maybe we can isolate this thing. At this point, I am
monitoring 3 different programs tightly:
1) Camfrog pro website

2) Yinst toolbar helper object--reason that I seem to maintain a reasonably
stable system as long as I leave YIM on exit.
(which would lead me to a fourth possibility of a bad bad man in my contact
list there)

3) transmac program.

please get back to me with any results as soon as you can get them, to help
me to narrow down the possibilities and start checking others. Norton is
correct. This IS a rapidly spreading threat. From the first encounter in
any profile on my pc, eta until total system failure less than 2 hours, and
you can literally watch this thing race through your files in explorer,
rewriting folder specs, changing opening programs and literally placing
folders in different places. BTW, I have full Norton scan logs at your
request, and I can also send a log of my system specs at restore point as
well. PS I am ccing this post to msn groups as well, if you have any
problems let me know and I will discontinue. Thanks, jeffosb.
 
Fitz

Thank you for posting in this newsgroup. Since we don't have a clue what
you're talking about, would you care to enlighten us?
 
Guest

Absolutely...i ran into a problem on a friends pc a few days back, checking
the system i noticed that things were wrong. Everything was downloading to
desktop, the windows files read something like: desk, my docs, C:/program
files/itunes/windows/etc
having worked with the explorer tree and windows setup for a while now, i
realized it was completely wrong. i simply started to rewrite the tree
myself thinking she messed it up not keeping folders organized. My fix
totally whacked out her pc, resulting in her being very angry. When i came
home to mine i was in the middle of trying to find a driver for an isee pro
cam which came to me without one. see post for that one, cant remember
where but it will come up on a search for isee within these boards. anyway i
dl a program named transmac which is supposed to translate mac programs to a
format for windows xp, got the drivers from mac, ran them through, installed
cam. long story short, even with a 2 week old xp fully loaded with 5
different failsafes, i ended up with a virtually unusable O/S...the other post
will have more detail. i went to tech support and we came to the conclusion
that i messed up a port setting on the translator and hence the problems.
As we get further into this, we are determining that the new trojan
out(details on symantec) is the culprit. Problem is, it piggybacks in on
good programs and has mask capabilities. i swear that everything in the post
is accurate. We are trying to find the original file because unless we find
it it is in here permanently changing, rewriting registries, changing folder
settings, i may try to download a pic file to my windows picture it
library, only to burn out my modem because i was actually trying to install
it in the gateway driver. right now i do have system files trying to act
like itunes files in profile 3. i can reset folder ops but in that part of
the drive, it will be something different in 15 minutes. seriously, the
faster your bus and the more you surf, change folders, download, whatever you
do (and seriously all messengers are pure evil if your pc contains this
virus)it will spread like wildfire with a dsl gateway, on any profile i have
built on this pc and let run, the system is down in under 2 hours, with the
only way to save the profile being system restore, if you can find the
program. before the system goes, all folders will be ran through the start
menu and the explorer tree will be a straight line folder to folder and none
accurately projecting contents. the only thing surviving so far is this
profile which runs the newest version of norton internet security. My start
procedures from off mode
ensure ethernet unplugged/power on/choose profile 1 in dos and enter/be
ready to right click task bar for manager/bring up manager/log off user
/choose administrator w/ password/enable nortons, choose internet security (it
will be disabled every start)/close any applications which auto started, yes
even the ones which no longer exist according to windows/open and inspect
every compartment in nortons, stay until it shows green reset password. at
that point i can plug in internet and so far i have been online almost 12
hours so far and still kickin, all folders are where i put them. on prof 4
earlier i took security off for 5 minutes, and enough of my folders were
changed that i didnt recognize my system....good thing is, if you catch it
and are fortunate enough to have a good log file on nortons, it can be
corrected by re enabling norton security. norton will redesign file system
and guard system well, but at logoff the program WILL disable internet
security. That is what the post is about and thats where we stand now.
Symantec knows it is here but so far doesnt know where. neither do we. it
is predator, it masks, hides and places what it wants where it wants without
the security system i spoke of. we are trying to isolate it using different
hardware profiles to see how it acts and where. So far just about everything
i have read on this board is a symptom of what this does. if ya get it and
try to work with it, you will see some crazy stuff. I recommend having a
good restore point from at least a month back and know how to find it from
anywhere in your system. if you do, it will be fun, if you dont, you will
want to scream. If anyone out there has any good input at all I recommend
this email address:
mailto:[email protected]

I know he would appreciate it, and so would I, id really like a normal login
and I want this thing out of my pc(fun or no fun)
thanks for your question Fitz
 
Malke

Dani said:
Absolutely...i ran into a problem on a friends pc a few days back,
checking
(snip absolutely unreadable post)

If you were posting to share information, then it was unsuccessful. If
there was a question in there for which you wanted tech support, I
couldn't find it.

You should repost your question, clearly and concisely, using paragraph
breaks or numbered points. As it stands, your original post reads like
a stream-of-consciousness novelette and most people, myself included,
will glance over it and not bother to wade through it. You want to make
it easy for people to help you. Here are some links to help you make a
good newsgroup post:

http://www.dts-l.org/goodpost.htm


People like me who help out in various groups every day go through those
groups quickly. We tend to skip over posts with subjects like "help" or
"problem" and if we do look at one of those, if the question is written
as one long page with no breaks, we move on. This post is not meant to
hurt your feelings; it is meant to help you maximize your chances of
getting an answer.

Malke
 
Bruce Chambers

Dani wrote:

Unreadable drivel snipped....


Is English a second or third language for you? If so, may I
suggest that you try posting your question in a news group dedicated
to your native language? I say this not to insult or offend, but
rather to point out that you're not likely to get much help, if no one
can understand what you're saying.

Otherwise, I'd suggest you start by reposting in standard English,
complete with paragraphs, sentences, capital letters where
appropriate, and punctuation. As it is, your post is quite
undecipherable: some of the words used are from the English
language, but are almost completely meaningless as currently
assembled.

Help us help you:



Otherwise, you might as well try here:

Psychic Friends Network
(800) 592-7827

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Guest

Bruce Chambers said:
Dani wrote:

Unreadable drivel snipped....


Is English a second or third language for you? If so, may I
suggest that you try posting your question in a news group dedicated
to your native language? I say this not to insult or offend, but
rather to point out that you're not likely to get much help, if no one
can understand what you're saying.

Otherwise, I'd suggest you start by reposting in standard English,
complete with paragraphs, sentences, capital letters where
appropriate, and punctuation. As it is, your post is quite
undecipherable: some of the words used are from the English
language, but are almost completely meaningless as currently
assembled.

Help us help you:



Otherwise, you might as well try here:

Psychic Friends Network
(800) 592-7827

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

I must assume that it is a third language for you if you cannot understand what i wrote. Yes there are a couple typos in it, mainly because the program i was speaking of was popping up strange pages and i was constantly interrupted by it. Currently my xp (operating system) since o/s seems to throw you experts for a loop, is down due to the trojan changing my registry filenames (if you need a definition for any of these complicated words, i suggest windows help) and i am viewing this on a network computer using windows me, and i can still understand what i wrote. I DO believe your posts were put here just to offend me, as i never once implied any questions that i needed help on. If my posts were garbled in any way, I ask that you copy the entire post and send it to <[email protected]> as it may be something to do with the virus. otherwise, in the event that it was posted as written, i will try to shorten it a bit.
Most of the people who have posted here with problems are infected with a
trojan. Its name is abwiz and it changes files, filenames, and places where
the original files were at installation. Norton Internet Security is the
only protection available at this time. It does not take the trojan out of
your system, it merely stops it from changing your files. if there are any
further problems understanding me, please include specific words and i will
try to find some which are not as complicated to substitute. (apparently the
ms tech with whom I am working concerning this problem has no trouble
understanding my emails)
 
Kerry Brown

Dani said:
Most of the people who have posted here with problems are infected with a
trojan. Its name is abwiz and it changes files, filenames, and places where
the original files were at installation. Norton Internet Security is the
only protection available at this time. It does not take the trojan out of
your system, it merely stops it from changing your files. if there are any
further problems understanding me, please include specific words and i will
try to find some which are not as complicated to substitute. (apparently the
ms tech with whom I am working concerning this problem has no trouble
understanding my emails)

I also find your posts confusing. This one makes some sense.

Abwiz sounds like a minor, easily removed threat.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.abwiz.c.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.abwiz.html

As this virus/trojan allows someone to take over your computer they may have
installed other harder to remove malware programs.

Kerry
 
Fitz

I also agree with Kerry. If you Google for "abwiz", you'll find a lot of
info for this trojan. Even according to Symantec's web site, Trojan.Abwiz
is an "Easy" removal, and "Threat Containment: Easy". Its variants are
"Moderate" to remove. There are many tools available to remove this Trojan
and you can also manually remove it. Like Kerry said, you need to make sure
that nothing else has been dropped into your system. All in all, it doesn't
sound like a big deal.
 
Guest

yes there were other things dropped into my system. it also burned out the
top quadrant of my registry file system and changed the names and locations
of some crucial ini files resulting in multiple certificate revocations. at
present original xp operating system defunct, blank screen at startup, blank
on safe start, blank on safe start with dos prompt, blank on start with
network boot, network from alternate platform will not see/ access file
system. Nice how three days before this post norton had no info on this
trojan, and now that it has messed up my entire system containment is easy.
Now we all know how to stop it but no one knows how to restore my operating
system to previous state. I cant even access backup logs to get o/s to state
previous in order to go and access fixes. Am thinking that this entire
internet thing is a waste of time and money. In the last month i have
invested 1000 bucks trying to maintain a basic operating system without
getting hijacked and messed with. fyi, the original post in this thread was
intended for a ms tech who was working with me in trying to resolve this
issue. that is why no one understood it. the virus changed the link to here
from the reply from tech support and case number. why it ended up posted
here i have no idea, it was supposed to go to simon. I hit reply on the mail
thing. Anyway, nice to know that there are experts all over the place who
can help me with my computer instead of giving me english lessons. thanks a
lot. Danielle
 
